Bug#435385: iceape browser leaks TCP sockets to children

Jasen Betts jasen at free.net.nz
Tue Jul 31 11:43:23 UTC 2007


Package: iceape
Version: 1.0.9-0etch1
Severity: minor


dunno if this is a security risk but after downloading a PDF and
selecting open with /usr/bin/xpdf  iceape passes TCP sockets to the
instance of xpdf it spawns to open the downloaded file.

lsof(8) output:

xpdf.bin   5982       jasen   44u     IPv4    1246027 TCP address.witheld:35915->www.eecs.umich.edu:www (CLOSE_WAIT)
xpdf.bin   5982       jasen   45u     IPv4    1246028 TCP address.witheld:35916->www.eecs.umich.edu:www (CLOSE_WAIT)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_NZ, LC_CTYPE=en_NZ (charmap=ISO-8859-1)

Versions of packages iceape depends on:
ii  iceape-browser              1.0.9-0etch1 Iceape Navigator (Internet browser
ii  iceape-mailnews             1.0.9-0etch1 Iceape Mail & Newsgroups and Addre

Versions of packages iceape recommends:
ii  iceape-chatzilla            1.0.9-0etch1 Iceape Chatzilla IRC client

-- debconf-show failed




More information about the pkg-mozilla-maintainers mailing list